Application No. 10/600,683

Amendment "A" dated April 25, 2006

Reply to Office Action mailed January 25, 2006

AMENDMENTS TO THE SPECIFICATION 
Please amend original paragraph [0003] as reflected in the following, marked-up version
of the paragraph: 

[0003] Web-servers as well as user computers have various security concerns and the
exchange of information between a user computer and a web site is one ef-of the reasons that
security is required to protect the information. One of the more common security concerns is
cross-site scripting. Cross-site scripting attacks typically occur in scenarios where a server
generates a dynamic web page. By creating a dynamic web page, the server may relinquish
control over how the output is interpreted by the user computer. In a cross-site scripting attack, a
security issue arises if untrusted dynamic content can be introduced into a dynamic page. 

Please amend original paragraph [0005] as reflected in the following, marked-up version 
of the paragraph: 

[0005] On the Internet, many web-servers are unknowingly vulnerable to cross-site scripting
attacks. Even though cross-site scripting attacks can be practically eliminated by rigorously
validating and encoding data, many developers do not have the experience or knowledge to do
this effectively. In addition, an approach that encodes all output has an impact on performance
and may destroy data by encoding previously encoded data. There is a need for systems and
methods that mitigating mitigate cross-site scripting attacks.

Please amend original paragraph [0021] as reflected in the following, marked-up version
of the paragraph: 

[0021] Cross site scripting attacks can be prevented or mitigated by examining the HTTP 
request for active content. Active content includes, by way of example and not limitation, 
scripts, expressions, events, object tags, and the like. The HTTP request is examined by 
searching for markers such as script constructs or other markers of active content.
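
The examination described in paragraph [0021], as an added example that is not part of the application: a Python check that searches the percent-decoded query string and form body of a request for markers of active content and rejects the request before a page is generated. The marker patterns, function names and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumed marker list (not from the application): one pattern per kind of
# active content paragraph [0021] names: scripts, expressions, events, object tags.
MARKERS = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "script url": re.compile(r"javascript\s*:", re.I),
    "expression": re.compile(r"expression\s*\(", re.I),
    "event handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "object tag": re.compile(r"<\s*(?:object|embed|applet)\b", re.I),
}

# Constructed sample requests (URL-encoded, as they arrive on the wire).
BENIGN_QUERY = "q=cross-site+scripting&page=2"
FLAGGED_QUERY = "q=%3CScRiPt%3Ealert(1)%3C%2Fscript%3E&page=2"
FLAGGED_FORM = "comment=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"


def find_active_content(query_string, form_body=""):
    """Return (source, field, marker) for every marker found in the request."""
    hits = []
    for source, raw in (("query", query_string), ("form", form_body)):
        # parse_qsl percent-decodes names and values, so an encoded
        # "%3Cscript" is examined as "<script".
        for name, value in parse_qsl(raw, keep_blank_values=True):
            for label, pattern in MARKERS.items():
                if pattern.search(name) or pattern.search(value):
                    hits.append((source, name, label))
    return hits


def handle_request(query_string, form_body=""):
    """Reject the request before the dynamic page is generated if it carries a marker."""
    hits = find_active_content(query_string, form_body)
    return (400, hits) if hits else (200, [])


if __name__ == "__main__":
    print(handle_request(BENIGN_QUERY))
    print(handle_request(FLAGGED_QUERY))
    print(handle_request(BENIGN_QUERY, FLAGGED_FORM))
```

The event-handler pattern is deliberately broad and can flag harmless values such as `one=1`, so a deployment would tune the assumed marker list against its own traffic.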

Please amend original paragraph [0024] as reflected in the following, marked-up version
of the paragraph: 

[0024] When a request is received, the request is searched for markers of active content. A
server computer, for example, may maintain a list of markers of active content. The markers of
active content in this list can be




